How To Bug Mitch McConnell's Office

"Bugging" in the context of politics raises images of burglars messing with telephones and clunky tape recorders in the Oval Office. Now you'd just use malware.

A report in Mother Jones this week cites a recording of Senate Minority Leader Mitch McConnell (R-Ky.) in his offices engaged in what he thought was a private conversation. Someone recorded the conversation and provided the recording to Mother Jones.

Especially in the context of political figures our thinking about surveillance gets primitive. Indeed, even the title of the Mother Jones article exhibits this: "Secret Tape: McConnell and Aides Weighed Using Judd's Mental Health and Religion as Political Ammo". The emphasis on "Secret Tape" is mine, and I'm not going to get into the substance of the discussion in this commentary.

The term "bugging" in political context raises images of Watergate (for those of us old enough to remember it — I'm 51 and remember it clearly), with burglars breaking into a building and physically messing with telecommunications equipment, not to mention big clunky tape recorders in the Oval Office.

The sort of bugging equipment used in the Watergate break-in

Nowadays you'd do it completely differently. How would you record someone's conversations clandestinely? You'd use the powerful and flexible world of malicious software. Every computer and mobile device in that office where Senator McConnell was speaking is a potential clandestine recording device.

A malicious program installed on any computer or phone or tablet in the office could turn on the microphone, record the contents and forward it on to the attacker, either through email or some cloud sharing service. It's not all that complicated. The program could also potentially record video, but this is more likely to be noticed because of the large volume of data involved.

What's a little complicated is how you'd get the malicious software on the specific device. This would involve what we call a targeted attack against McConnell or his staff. I don't know exactly how it's done, but obviously it can be done.

It's possible, through rigourous best practices, to prevent this sort of surveillance softwre from getting on your systems, but sadly it's common for people not to want the inconvenience attached to such security.

As the story makes clear, we were recently provided the tape by a source who wished to remain anonymous. We were not involved in the making of the tape, but we published a story on the tape due to its obvious newsworthiness. It is our understanding that the tape was not the product of a Watergate-style bugging operation. We cannot comment beyond that.

Just because the server market's in the doldrums doesn't mean innovation has ceased. Far from it -- server technology is enjoying the biggest renaissance since the dawn of x86 systems. But the primary driver is now service providers, not enterprises.